On Monday, QNAP, a Taiwanese hardware company, advised customers to stop Universal Plug and Play (UPnP) port forwarding on their routers to avoid exposing their network-attached storage (NAS) devices to cyberattacks. UPnP is a collection of unsecured network protocols that facilitate peer-to-peer interactions between devices but lack encryption and authentication.
It also enables them to join and exit networks dynamically, receive IP addresses, advertise their capabilities, and learn about the capabilities of other UPnP devices on the network. UPnP Port Forwarding enables network devices to connect with one another and form groups for simpler data exchange.
“Hackers can abuse UPnP to attack through malicious files to infect your system and gain control. Despite its convenience, UPnP may expose your device to public networks and malicious attacks,” QNAP said. “It is recommended that your QNAP NAS stay behind your router and firewall without a public IP address. You should disable manual port forwarding and UPnP auto port forwarding for QNAP NAS in your router configuration.”
QNAP advises using the router’s VPN function (if available), the myQNAPcloud Link service, and the VPN server on QNAP devices offered by the QVPN Service app or the QuWAN SD-WAN solution as solutions for people who require access to NAS systems without a direct Internet connection.
In January, QNAP warned consumers to protect their NAS equipment against active ransomware and brute-force attacks. According to the company, users should check if their NAS is accessible over the Internet and take the following steps to protect themselves against incoming compromise attempts:
- Disable the router’s Port Forwarding function: Check the Virtual Server, NAT, or Port Forwarding options in your router’s management interface, and disable the port forwarding settings for the NAS management service port (port 8080 and 433 by default).
- Disable the QNAP NAS’s UPnP function: On the QTS menu, go to myQNAPcloud, click “Auto Router Configuration,” and uncheck “Enable UPnP Port Forwarding.”
Disabling SSH and Telnet connections, altering the system port number and device password, and setting IP and account access security are all covered in detail by QNAP. Before Christmas, a rise in eCh0raix (or QNAPCrypt) ransomware assaults leveraging an undisclosed attack vector prompted the alert. Successful ransomware attacks were connected by some users at the time to improperly protected Internet-exposed devices.